Stories
Slash Boxes
Comments
typodupeerror delete not in
  • Preferences

Comments: 200 +-   Trend Micro Sues Barracuda Over Open Source Anti-Virus on Tuesday January 29 2008, @08:42AM

Posted by Zonk on Tuesday January 29 2008, @08:42AM
from the troubled-waters dept.
business
government
court
software
internet
news
linux
Anti-virus firm Trend Micro is suing Barracuda Networks over their use of the open source anti-virus product ClamAV. The issue is Trend Micro's patent on 'anti-virus detection on an SMTP or FTP gateway'. Companies like Symantec and McAfee are already paying licensing fees to Trend Micro. Groklaw carries the word from Barracuda that they intend to fight this case, and are seeking information on prior art to bring to trial. Commentary on the O'Reilly site notes (in strident terms) the strange reality of patents gone bad, while a post to the C|Net site explores the potential ramifications for open source security projects. "Barracuda has been able to leverage open source to bring down the cost of security. Early on Barracuda was blocking spam and viruses at roughly 1/10 the price of the nearest proprietary competitor (that was only selling an antivirus solution). Barracuda has helped to bring down prices across the board, and it has been able to do so because of open source. More open source equals less spam and more security. Trend Micro is effectively trying to raise the price of security." Slashdot and Linux.com are both owned by SourceForge.
story

Related Stories

This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Trend Micro Sues Barracuda Over Open Source Anti-Virus 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Yes (Score:4, Insightful)

    by niceone (992278) * on Tuesday January 29 2008, @08:45AM (#22220676) Journal
    Trend Micro is effectively trying to raise the price of security

    Um, that's what the patent system is supposed to do - to make it worthwhile investing in inventing things! Whether this is a reasonable thing to patent is another question, but you can't really complain about the patent system doing what it is meant to do.

    • Re:Yes (Score:5, Informative)

      by hey! (33014) on Tuesday January 29 2008, @09:06AM (#22220870) Homepage Journal
      Well, to be more accurate, what the patent system is supposed to do in a case like this is lower the net costs of security, and then reward the inventor by diverting some of the savings to him.

      In theory it works like this. Your company is losing $10 million dollars a year because of lack of security. Fixing the problem would cost you $5 million. The inventor comes up with something that you would not have, that cuts the cost from $5 to $1, and he splits the savings with you. He walks of with $2M, you save $2M over doing it yourself of $8M over not doing anything.

      It all breaks down when the patent system issues obvious patents of the form "apply well known technology X in common context Y." In that case, you (or somebody you hired) could solve the problem for $1M. The patent doesn't represent two million dollars of new savings, it represents a million dollars of new expenses.

      • Re:Yes (Score:5, Insightful)

        by smilindog2000 (907665) <bill@billrocks.org> on Tuesday January 29 2008, @09:11AM (#22220904) Homepage
        In short, you can't violate a patent in your head. You should not be able to violate a patent by typing. This is the simple dividing line between the good and bad patents I see scrolling across slashdot. We let Microsoft and other big American companies con Congress into this, and the rest of the world isn't dumb enough to go along. Sooner or later, we need to fix this... every year it hurts our competitiveness.

        • Re:Yes (Score:4, Insightful)

          by eurleif (613257) on Tuesday January 29 2008, @10:43AM (#22221858)

          You should not be able to violate a patent by typing.
          What if I type out code to program a robotic arm to construct a patented physical object?

          • Re: (Score:3, Insightful)

            by malkavian (9512)
            You can happily copyright the code, but shouldn't be able to patent it. The physical object would still be patented.
            You don't violate the patent on the object just by typing the code, or even executing it. You violate the patent by actually having the robot arm create the final object. You could run the code to your heart's content if it were operating in 'test' without creating the final object without violating the patent.

      • Re:Yes (Score:4, Informative)

        by radarjd (931774) on Tuesday January 29 2008, @09:48AM (#22221282)

        Well, to be more accurate, what the patent system is supposed to do in a case like this is lower the net costs of security, and then reward the inventor by diverting some of the savings to him.

        That may be the economic theory, but I don't think it's necessarily the legal theory. Legally, the patent system is supposed to induce inventors to create new processes, materials, machines, etc. and to disclose their inventions so that they will eventually be owned by the public. Something often lost on the discussions on this site is that any patented invention will become public domain. In 20 years, potential patent holders will have to overcome this "land grab" of patents that we're currently experiencing. The broader the patents now granted, the more difficult they will be to overcome in the future.

        I personally believe that the current problem with our system is that the patent office (due in large part to a decision by the Supreme Court) didn't grant software patents (in the form of business method or machine patents) earlier. Had the land grab happened thirty years ago, and the patent office learned to deal with it then, this all would have been worked out by now. The hobbyist software creator didn't exist in large part thirty years ago, and the fights would have been between large companies like IBM and its challengers.

        The case referred to above was Gottschalk v Benson [wikipedia.org] 409 US 63 [findlaw.com]. The Court held that mathematical expressions could not be patented, and essentially found that all computer programs were mathematical expressions. The patent in question was for a bit shifter (converting decimal numbers into binary). IMO, we would be better off today had they simply found the patented material to be obvious, which is what many amici suggested.

        • Re:Yes (Score:5, Funny)

          by rben (542324) on Tuesday January 29 2008, @10:31AM (#22221760) Homepage
          >The hobbyist software creator didn't exist in large part thirty years ago

          Damn, I just vanished in a puff of logic!

        • Had the land grab happened thirty years ago, and the patent office learned to deal with it then, this all would have been worked out by now. The hobbyist software creator didn't exist in large part thirty years ago, and the fights would have been between large companies like IBM and its challengers.

          True that. Seriously, folks, who's got the patent on operating systems? Software that interfaces with hardware for you? That would be great. Software patents work great until it's something obvious that shouldn't be patentable, but who draws the line? That's what we're arguing here. An antivirus on an smtp or ftp gateway? In what way is that any less obvious than an operating system?

          I'm going to patent writing data to hard drives, and make millions off this system in the name of progress.

      • Well, to be more accurate, what the patent system is supposed to do in a case like this is lower the net costs of security, and then reward the inventor by diverting some of the savings to him.

        Sort of, yes, but mostly, no. (Or you are just be using "net cost" loosely.) Patent system isn't supposed drive down prices, it is supposed to drive up the benefits. Patent system also only works over time, sometimes quite a long time. One can't really make any claims or observations about the patent system at any sin

      • Re:Yes (Score:5, Funny)

        by prelelat (201821) on Tuesday January 29 2008, @11:00AM (#22222064)
        Mario was a great inventor coming up with all sorts of ideas. As time went on Mario couldn't keep up with all of his ideas, he didn't know what to do. So he wrote down the process that he used to come up with those ideas so that he could hire others to think things for him so that he wouldn't loose his ideas. Weeks after this started employees quit working and started their own inventions using Mario's method of creating.

        Mario was furious and went to court he won, he had prior art. So after that he filed for a patent on all of his ways of making ideas. Mario now owned any intelligent thought. He renamed it Mario's idea machine, people had to pay him an annual fee of 200 dollars to have 2 good ideas a year, anymore and they would have to purchase extra licenses at a greater cost. Mario no longer had to have ideas of his own, he had a workshop of idea people, and the whole world had to pay him to have ideas. But there was a problem, no one wanted to have ideas because they couldn't afford to have them. People became stupid as having good ideas was no longer an excepted thing to do. The people in Mario's shop never came up with new and exciting ideas anymore because they were too busy fighting lawsuits against people who had ideas such as the pirate brain. The world stopped, hunger set in, the population decreased. Finally when the patent was about to expire Mario's great great grandchild had a great idea, extend the patent another 10 years. The law passed, only because by this time it was only accepted to have stupid ideas, seeing as how all the good ideas cost money.

        Finally the patent expired, all that were left looked like mindless cavemen. They lived in shells of homes, with little to know food. All that was spoken were grunts, people had been afraid litigation for so long they were afraid to say something smart. Forest and animals have overgrown most of the cities, people had been living off of canned spam for years.

        Moral of the story is stupid patents ruin society, stop it.

    • Re:Yes (Score:5, Insightful)

      by troll -1 (956834) on Tuesday January 29 2008, @09:15AM (#22220946)
      Respectfully disagree.

      The patent system is *not* supposed to raise the price of security.

      The patent system is supposed to:

      To promote the Progress of Science and useful Arts [source: US Constitution [archives.gov], Article I, Sec. 8.

      Making a profit from something as obvious as putting a filter in a firewall does little or nothing to achieve this goal. The largest patent holders (including IBM and Microsoft) all agree the system needs reform. But patent reform is a lot like campaign finance reform, everyone agrees there's a problem but no one really has anything they can realistically take to congress.

  • Prior art? (Score:4, Interesting)

    by initialE (758110) on Tuesday January 29 2008, @08:49AM (#22220700)
    Why not say that this behavior is the inadvertent result of placing 2 products, an SMTP gateway, and an antivirus client, side by side on the same server? the gateway stores the mail in a temporary store, whereupon the antivirus just happens to sanitize it, before the mail is again sent on it's way. This is obviousness in the extreme.

    • Re:Prior art? (Score:4, Insightful)

      by Thanshin (1188877) on Tuesday January 29 2008, @09:00AM (#22220824)

      Why not say that this behavior is the inadvertent result of placing 2 products, an SMTP gateway, and an antivirus client, side by side on the same server?
      A lot of processes can be simplified in such way and still are original. A decision has to be made even if a process seems obvious after being "discovered".

    • Why not say that this behavior is the inadvertent result of placing 2 products, an SMTP gateway, and an antivirus client, side by side on the same server? the gateway stores the mail in a temporary store, whereupon the antivirus just happens to sanitize it, before the mail is again sent on it's way. This is obviousness in the extreme.


      That's a good idea, you should patent it.

      "Virus scanning of cache and temporary files before end user utilization."
  • There's a lot of mail admins out there - and a lot who consider a quick & dirty mail relay running Linux and ClamAV to be a pretty good first line of defense against email-borne trojans and virii. Seeing as ClamAV doesn't have a daemon mode, and end users in any large organisation can seldom be trusted to run their own AV scans as required[1] that's pretty much the biggest use for it.

    [1] Yes I know all you geeks might be OK. But you're not the sort to open every silly email you receive. The reception

    • Re: (Score:3, Informative)

      by j-turkey (187775)

      There's a lot of mail admins out there - and a lot who consider a quick & dirty mail relay running Linux and ClamAV to be a pretty good first line of defense against email-borne trojans and virii. Seeing as ClamAV doesn't have a daemon mode, and end users in any large organisation can seldom be trusted to run their own AV scans as required[1] that's pretty much the biggest use for it.

      ClamAV does have a daemon mode [die.net]. Are you thinking of a local Windows client? Realtime filesystem scanning?

    • Re:Bad news for a lot of us (Score:5, Funny)

      by MonsterOfTheLake (880659) on Tuesday January 29 2008, @08:57AM (#22220796) Homepage

      The receptionist who forwards all the "Look Out for the Terrible Good Times Virus!!!111OMGWTFBBQ" emails she receives is, and if she could be relied upon to follow good computing practices, we wouldn't need AV software in the first place.
      Man, I hate that receptionist.

    • Re: (Score:2, Informative)

      by kc8tbe (772879)
      ClamAV does have a daemon, it just doesn't have on on-access scanner for Windows -- yet. The people over at Clamwin http://www.clamwin.com/content/view/35/27/ [clamwin.com] are working on one. Linux users interested in on-access scanning should look up Clamuko, but then if you run Linux you probably don't need an on-access virus scanner...
    • jimicus wrote:
      > Seeing as ClamAV doesn't have a daemon mode

      The stackable filesystem team (the ones who wrote Unionfs [sunysb.edu]) put together a filesystem that uses ClamAV [sunysb.edu] to perform on-access virus scanning in the kernel.
    • While your statement is true, there is a huge difference between what everyday admins are doing within their organization and what Barracuda is doing. Barracuda are packaging clamav and selling it as a product (regardless of the merits or lack their of of this lawsuit).

      Also, while I do believe the patent is overly broad, this is what the patents are for. It is not like Trend Micro is a patent hoarding firm, they do make products, in fact they actually make products that relate to the patents they hold, so

  • Prior art or obviousness? (Score:3, Insightful)

    by Anonymous Coward on Tuesday January 29 2008, @08:54AM (#22220752)
    Can we really be bothered to break out those archived procmail scripts? We're talking about a functional equivalent of a unix pipe; novel or inventive -- I think not!

    Go barracuda!

    • Re: (Score:2, Insightful)

      by ElBeano (570883)
      AC is exactly right. This isn't worthy of a patent. Convincing the court of this will nonetheless require educating people who are likely to be clueless as to WHY this is obvious. To those who disagree, please tell my why this deserves a patent and why any sane admin wouldn't think of it without Trend Micro's help?

  • MIMEsweeper prior art (Score:5, Informative)

    by RupW (515653) * on Tuesday January 29 2008, @08:54AM (#22220770)
    From TFA (the Groklaw article):

    We also believe that a product called MIMESweeper 1.0 from a company called Clearswift, Authentium, or Integralis anticipates several claims of the '600 patent. We have yet to locate a copy of this product and would appreciate anyone who has a copy sending it our way.
    Yes, Clearswift currently own MIMEsweeper although Clearswift didn't exist back then - they're a merger of several firms who had similar products.

    They're not hard to find [clearswift.com]. Why not just ask them?
    • They would do well to find that product. According to this Google Groups thread [google.com], it was shown at a tradeshow called "Networks 95" in July, 2 months before the patent application was filed.

      Either way, the mere fact that people were asking for such a product on usenet prior to the filing date should help their case.

  • Granting frivolous patents should be punishable (Score:4, Interesting)

    by Thanshin (1188877) on Tuesday January 29 2008, @08:56AM (#22220790)
    The people who grant patents should be liable to be fired for gross incompetence?

    If I file a patent for the process of giving names to children so they can be distinguished and it's granted, is there someone responsible for that? When a judge overturns the patent, the granter should suffer the consequences somehow.

      • Firing whoever's in charge of it? Again, nobody would want to work there if they had to accept that liability.
        Yeah, it'd really suck if those put in positions of power whose daily actions affect the entire future of innovation of an entire country were to be actually held accountable for the fallout from their bad decisions.

      • Re: (Score:3, Insightful)

        by Thanshin (1188877)

        If you did that, nobody would want to work for the patent office.

        That only means it's underpaid.

        Lot's of people work in positions that would instantly fire them at the first mistake, and with much subtler mistakes than those we are arguing about*. They still like those jobs because, as long as they can keep them, they pay well.

        *: I do believe that in patent granting there must be really convoluted and complex cases that involve very uses of previous knowledge in subtle ways. However I don't believe those cases conform the majority.

  • My ISP... (Score:2, Interesting)

    by baadger (764884)
    My ISP does anti-viral scanning on outgoing mail via SMTP. Does this mean they, and every other similarly setup ISP, are paying royalties to Trend Micro?

    If so, I think I quite fancy changing ISPs. I could be paying to support this ludicrous patent.

    • Re: (Score:2, Insightful)

      by AndrewNeo (979708)
      The ISP probably didn't write their own virus-scanning software. They probably bought it, and the company they bought it from may or may not be paying royalties.
  • Trend Micro have been in the business a long time, how long? Long enough to OWN "antivirus.com". How many 386 and earlier motherboards had "trend chip away boot sector protection"?

    They invented a few of the modern ways to scan for and stop virus, spyware and spam email from getting into a windows box, pretty much every one else in the industry will accede to that, why do these guys think, they can get a free lunch for something someone else invented a fair while back.

    Symantec wouldn't be paying up unless th

    • Re: (Score:2, Insightful)

      by Anonymous Coward
      AV scanning SMTP isn't an invention, it's the very definition of freaking obvious. The patent is a joke.
    • They invented a few of the modern ways to scan for and stop virus, spyware and spam email from getting into a windows box, pretty much every one else in the industry will accede to that, why do these guys think, they can get a free lunch for something someone else invented a fair while back.

      If by "invented" you mean "applied established techniques in a way that's obvious to a five-year-old and thus is not eligable for patent protection except if the patent office is out of control and making up the law as

    • Re: (Score:3, Interesting)

      by cfulmer (3166)

      Symantec wouldn't be paying up unless they knew it was an un-winnable case.

      Phooey. Here's a fairly common scenario:

      (1) Company gets questionable patent
      (2) Company offers a very inexpensive license to a big-name suspected infringer
      (3) big-name suspected infringer buys the license because it's a lot cheaper than litigating
      (4) Company goes around to others and says "big-name suspected infringer has a license, so it must be legit. Pay up." Only, this time, Company asks for a lot more money.

      The US Patent

      • I don't think ClamAV itself would be the targetted product. It in and of itself is just a general purpose virus scanner. The projects that could come under fire would more likely be products that tie it into the email system, such as amavisd-new and such.

  • Scrap patents completely across the board. The days of government-backed monopoloies are dead and gone, aren't they? So let's ditch the corrupted patent system altogether.

    TWW

  • Excise said offending code from the codebase, then, make it available as a free plugin hosted outside of the United States.

    Done.

    • Excise said offending code from the codebase,

      That won't work in this case. The patent is for "A system for detecting and eliminating viruses on a computer network includes a File Transfer Protocol (FTP) proxy server, for controlling the transfer of files and a Simple Mail Transfer Protocol (SMTP) proxy server for controlling the transfer of mail messages through the system." So for Barracuda to comply they must stop scanning e-mails for viruses in their products.

      This also means that it is not the use of Cla

  • Barracuda makes the problem worse (Score:5, Interesting)

    by Arrogant-Bastard (141720) on Tuesday January 29 2008, @09:26AM (#22221062)

    Note that Barracuda's products are notorious for generating spam. Barracuda's engineers were informed of the problem years ago, provided with a fix -- and stubbornly refused to address the situation. It's no wonder that there are now thousands of Barracuda installations on various blacklists. (Two examples: Backscatterers [backscatterers.com] and Backscatterer.org [backscatterer.org]) Barracuda doesn't seem to care as long as they make money.

    A secondary point is that Barracuda's products are NOT open-source. Oh, they're built almost entirely on open-source (an open-source operating system, an open-source mail server, an open-source anti-spam scanner, an open-source anti-virus scanner, etc.) but they're not open-source. Essentially what they've done is take all of that open-source code, slap a web front-end on it for the point-and-drool crowd, and then sell it. They're not in this to help out the Internet or stop spam or anything else admirable: they're in this to make money, and they're perfectly willing (see first point) to make the spam problem worse if it increases their profits.

    They're not alone in that -- there are others out there who are in business to profit from our collective misery. An excellent way of spotting such companies is to ask the question: "What would happen if the problem they claim to address was actually solved?" If the answer to that question is "they would go out of business", then their motivation for always treating the symptoms and never treating the underlying cause will become clear.

    • Interesting. Barracuda's recommended settings (I have one sitting next to me we no longer use) are to have the bounce-on-reject or whatever its called turned off. The default is to have it on, but the defaults are clearly defined as a least restrictive/change these to meet your environment before putting in production sort of thing.

    • Re: (Score:3, Insightful)

      by svallarian (43156)
      I couldn't give a spit that the front end isn't open source. All I know is that I was able to get gateway level spam protection for under $5k for 200 users. Which would have cost well over $20k+ for a commercial solution that only works half as well. And, yes, I could have set all of that up from scratch and save a few thousand, but my time is better spent elsewhere.

    • Re: (Score:3, Informative)

      by element-o.p. (939033)
      Not to mention that my six year old daughter could provide better tech support than Barracuda does :(

      We use a pair of Barracudas where I work to filter incoming e-mail, and in all truth, they work really, really well. That is, until something breaks. One of our units had problems with its hard drive, so we called tech support. They dinked around with the box (on our network) for over a week without fixing it -- all the while it was spooling up mail, but not delivering it -- and then things got bad. T
  • I did a quick advanced search up until 1995 and found bits and pieces of stuff. I think y ou would have to search for all the available anti-virus at the time and THEN look for modules that handled proxy filtering.

  • Err (Score:3, Funny)

    by Vexorian (959249) on Tuesday January 29 2008, @09:53AM (#22221338)
    I guess I'll wait for a new protocol to come and patent "Fighting virus on XX protocol" That should do it. Man, this patent is so retarded, Trend Micro should be ashamed for ever filing it...

  • Hang on a second... (Score:5, Insightful)

    by PinkyDead (862370) on Tuesday January 29 2008, @10:01AM (#22221438) Journal
    I must be missing something here...

    I have configured for a number of my clients their own SMTP servers for which I charge. These servers are generally gateways with postfix as the server. The anti-virus is ClamAV which is called by postfix.

    Or to put it another way they have 'anti-virus detection on an SMTP or FTP gateway'.

    Does this this mean I have violated this patent? Or should the patent be rewritten as 'Patent 5,623,600: Installing software on a computer'?

  • A quick google for prior art... (Score:5, Informative)

    by martyb (196687) on Tuesday January 29 2008, @10:21AM (#22221654)

    Thanks to google and its archive of usenet posts: this query [google.com] on google groups of: "FTP SMTP virus proxy server group:comp.*" for the time period of 01-Jan-95 through 26-Sep-95 (the patent was filed on 26-Sep-95) returned this link [google.com].

    It appeared in the comp.security.misc newsgroup and the first few paragraphs (emphasis added) suggests to me this might be prior art:

    FOSE '95, WASHINGTON, March 21 /PRNewswire/ -- Norman Data Defense Systems, Inc. today introduced the Norman Firewall, a firewall providing a single, highly secured route for data traveling between networks and the Internet.

    "We are proud to deliver a new level of data defense for networks that are currently vulnerable to attack from a variety of global data security threats, including hackers and viruses," said Norman Data Defense Systems, Inc. President and CEO David J. Stang, Ph.D.

    Like a sentry positioned to identify visitors and then authorize or deny entry, the Norman Firewall combines an integrated front-end server, proxy server, and virus detector to defend systems and information. The Norman Firewall essentially opens incoming and outgoing data packets, and inspects, virus-checks (against more than 6,500 known viruses), and repackages the data packets, before delivery to their destination. No packets ever need to directly enter or leave internal networks.

    I don't have time right now to search further, but wanted to put this out there for others to follow up on. Any takers?

    P.S. As a point of comparison, consider that the Morris Worm [wikipedia.org] was released onto the internet on 02-Nov-88 (more details here: A Tour of the Worm [std.com]) and THAT was nearly SEVEN YEARS before this patent was filed!

  • Trend Micro and open source... (Score:3, Interesting)

    by nologin (256407) on Tuesday January 29 2008, @10:29AM (#22221734) Homepage
    Hmm, the last time I installed a Trend Micro product was about 18 months ago. I know that back in that time, Trend was using postfix on their SMTP gateway anti-virus products implemented on Linux systems.

    If Trend Micro is really trying to prevent other companies from offering cheap solutions for anti-virus/anti-spam gateways, I would take a long hard look at how they themselves got to where they did at this point in time.

  • Is it just me, or.. (Score:3, Interesting)

    by Seth Kriticos (1227934) on Tuesday January 29 2008, @10:58AM (#22222040)
    Is anyone else starting to get tired of this?

    The patent system was invented quite some decades ago to protect inventors from other people, who just stole their inventions and made profit of it.

    Back in that days, inventions were actually realy made and development was so slow, that 20 years were a reasonable time for the protection of the invention.

    Then time moved on, the number of real inventions did not realy rase, but most stuff was just a mere reorganization of existing stuff, but the number of patents went up.

    Nowdays, if someone realy invents something, that would make the world a better place, some big corporation ensures, that it never surfaces bigger public, because that would harm their bussiness. (Like some drafts of more effective engines, and the like).

    Now we start putting patents on Software, which is like a book, and should get copyright, but why on earth sould it be patented? And where does that benefit the creation of new inventions? It clearly does the opposit in most perspectives.

    So maybe I'm missing the point, but I don't realy see, why this kind of system can keep existence, even thow it slowly brings economy to ruin and helps humanity to get a step closer to selfdestruction. Hmm.. Maybe I'm a bit exagerating, please prove me wrong.
Search
Kleeneness is next to Godelness.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.